What we can learn from LulzSec
![Page 1: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/1.jpg)
What we can learn from LulzSec
PHDAYS 2012
![Page 2: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/2.jpg)
About Me
• Jerry Gamblin
• Network Security Specialist – Missouri House Of Representatives
• [email protected]
• jerrygamblin.com
• @jgamblin (twitter)
![Page 3: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/3.jpg)
About Me
![Page 4: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/4.jpg)
About Me
![Page 5: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/5.jpg)
Why I am giving this talk…
![Page 6: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/6.jpg)
Why I am giving this talk…
![Page 7: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/7.jpg)
Why I am giving this talk…
![Page 8: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/8.jpg)
Overview
• The Players
• The Vigilantes
• The Tools
• The Campaigns
• What we learned.
• How We Can Stop It.
![Page 9: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/9.jpg)
The Players
![Page 10: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/10.jpg)
Who is who?
Anonymous
LulzSec
Anti-Sec
![Page 11: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/11.jpg)
Anonymous
![Page 12: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/12.jpg)
Anonymous
![Page 13: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/13.jpg)
Anonymous
• First active as a hacking group in 2008
• Originated on:
  – 4CHAN
  – Futaba (Japanese variant of 4CHAN)
  – Encyclopædia Dramatica
![Page 14: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/14.jpg)
LOLCATS
![Page 15: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/15.jpg)
Membership
"[Anonymous is] the first Internet-based superconsciousness. Anonymous is a group, in the sense that a flock of birds is a group. How do you know they're a group? Because they're traveling in the same direction. At any given moment, more birds could join, leave, peel off in another direction entirely."
—Chris Landers. Baltimore City Paper, April 2, 2008
![Page 16: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/16.jpg)
Mission Statement
We [Anonymous] just happen to be a group of people on the internet who need — just kind of an outlet to do as we wish, that we wouldn't be able to do in regular society. ...That's more or less the point of it. Do as you wish. ... There's a common phrase: 'we are doing it for the lulz.'
—Trent Peacock. Search Engine: The face of Anonymous, February 7, 2008.
![Page 17: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/17.jpg)
Not So Anonymous
![Page 18: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/18.jpg)
What A Hacker Looks Like…
![Page 19: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/19.jpg)
What A Hacker Looks Like?
![Page 20: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/20.jpg)
LulzSec
• Anonymous all-star team.
• Had 4 to 9 active members.
• Highly active and technical.
• "Laughing at your security since 2011!"
![Page 21: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/21.jpg)
Sabu
![Page 22: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/22.jpg)
Anarchaos
![Page 23: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/23.jpg)
Topiary
![Page 24: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/24.jpg)
Kayla
![Page 25: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/25.jpg)
TFlow
![Page 26: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/26.jpg)
Viral
![Page 27: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/27.jpg)
Recursion
![Page 28: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/28.jpg)
Anti-Sec
• Anti-Sec was the re-merger of LulzSec and Anonymous in late June 2011.
![Page 29: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/29.jpg)
W0rmer & CabinCr3W
![Page 30: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/30.jpg)
The Vigilantes
![Page 31: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/31.jpg)
th3j35t3r
• @th3j35t3r
• Anti-Jihad hacker
• XerXes DDOS tool
• Leads the anti-Anonymous crusade on Twitter
• Went offline May 9th.
![Page 32: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/32.jpg)
BacktraceSecurity
• backtracesecurity.com
• @backtracesec
• Gave a talk at Defcon19 about exposing anon.
  – Anonymous and the rise of the Adhocracy
![Page 33: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/33.jpg)
The Tools
![Page 34: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/34.jpg)
IRC
• Mostly on irc.2600.net
• Anonymous channels
  – #Anonymous
  – #Antisec
• Anti-anonymous channels
  – #AntiAntiSec
  – #Prosec
![Page 35: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/35.jpg)
• Used mainly for press relations and public support.
• Main accounts:
  – @anonymousirc
  – @anonymousabu
  – @youranonnews
  – @anonops
  – @anoncmd
  – @lulzsec
![Page 36: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/36.jpg)
PasteBin.com
• Public and anonymous clipboard.
• Developed to easily share source code.
• Used by Anonymous to share dox and dumps of stolen information.
![Page 37: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/37.jpg)
CloudFlare.com
![Page 38: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/38.jpg)
CloudFlare.com
• Distributed cloud IDS/IPS.
• Hides your real server IP.
• Stops DDOS attacks.
• FREE!
![Page 39: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/39.jpg)
Hidemyass.com
• VPN Service
• Anonymous internet identity
  – 18,000 unique IP addresses
![Page 40: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/40.jpg)
Doxing
• Public dump of an individual's personal information.
• Often leads to real-life harassment.
![Page 41: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/41.jpg)
Blackout Faxing
![Page 42: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/42.jpg)
Low Orbit Ion Cannon
![Page 43: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/43.jpg)
Low Orbit Ion Cannon
• Network stress testing tool.
  – (Read DDOS tool)
• Written by Anonymous members.
• Hivemind
  – Allows machines to join a voluntary botnet.
• Open source project hosted on sf.net
![Page 44: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/44.jpg)
SQLMAP
• Open source database penetration testing tool.
• Works on the major SQL databases
  – MySQL
  – Oracle
  – PostgreSQL
  – Microsoft SQL
• "Wizard" mode.
• Ability to give you a root shell on Linux machines.
• Open source project hosted on sf.net
![Page 45: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/45.jpg)
SQLMAP
![Page 46: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/46.jpg)
No Known 0-Days
![Page 47: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/47.jpg)
The Campaigns
![Page 48: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/48.jpg)
Epilepsy Foundation Forums
Date: March 2008
Targets:
• Epilepsy Foundation of America
• National Society for Epilepsy
Attack Method: Posting flashing images on the forums frequented by epilepsy sufferers in an attempt to cause seizures and migraine headaches.
![Page 49: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/49.jpg)
No Cussing Club
![Page 50: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/50.jpg)
No Cussing Club
Date: January 2009
Target: McKay Hatch
Attack Method:
• Posted his and his family's address, email and phone number online.
• Harassed him via email and phone calls.
• Pizza bombed his house.
• Subscribed him to over 100 pornographic magazines.
![Page 51: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/51.jpg)
Operation Titstorm
Date: February 2010
Target: Australian government for passing anti-pornography law dealing with animated pornography.
Attack Method:
DDOS:
• Australian Parliament
Defaced:
• Australian Prime Minister
Fax Attack:
• Australian Government communications department.
![Page 52: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/52.jpg)
Operation Payback
![Page 53: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/53.jpg)
Operation Payback
Date: September 2010
Target: Aiplex Software for DDOSing sharing sites after they refused to remove copyrighted material.
Attack Method:
DDOS:
• ACS:Law
• Australian Federation Against Copyright Theft
• ACAPOR
• Ministry of Sound
• Spanish Copyright Society
SQLI:
• UK Intellectual Property Office
Defaced:
• GeneSimmons.com
![Page 54: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/54.jpg)
Operation Avenge Assange
Date: December 2010
Target: Companies who stopped processing donations to Assange or stopped hosting WikiLeaks content.
Attack Method:
DDOS:
• PostFinance
• Swedish Prosecution Authority
• EveryDNS
• MasterCard
• Borgstrom and Bodström
• Visa
• PayPal
• PayPal API
• Sarah Palin
• Joseph Lieberman
Aborted DDOS:
• Amazon
![Page 55: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/55.jpg)
Operation Sony
![Page 56: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/56.jpg)
Operation Sony
Date: February 2011
Target: Sony for their lawsuit against George Hotz who hacked the PS3.
Attack Method:
SQLI:
• Sony PlayStation Network
• Sony Online Entertainment
• Sony BMG America
• Sony Music Japan
• Sony BMG Greece
• Sony Portugal
![Page 57: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/57.jpg)
Operation Tunisia
![Page 58: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/58.jpg)
Operation Tunisia
Date: May 2011
Target: Tunisian Government Websites
Attack Method:
DDOS:
• President
• Prime Minister
• Ammar 404
• Ministry of Industry
• Ministry of Foreign Affairs
• Tunisian Stock Exchange
![Page 59: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/59.jpg)
Operation Egypt
Date: May 2011
Target: Egyptian Government Websites
Attack Method:
DDOS:
• Cabinet Minister
• Ministry of the Interior
• Ministry of Communications and Technology
![Page 60: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/60.jpg)
HBGary Federal
Date: February 2011
Target: Aaron Barr for a talk he was going to give on exposing Anonymous members at a BSides event in San Francisco.
Attack Method:
HBGary.com
• SQLI hbgary.com
Aaron Barr
• Released SSN
• Released personal emails
• Took over his Twitter account
• Remotely wiped iPad/iPhone
• Exposed his World of Warcraft character name.
  – Obviously the most embarrassing.
![Page 61: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/61.jpg)
Operation Anti-Sec
Date: February 2011
Targets: Police associations and federal security contractors for the arrest of Anonymous and LulzSec members.
Attack Method:
DDOS:
• United States Court of Appeals for the Ninth Circuit
SQLI:
• IRC Federal
• Booz Allen Hamilton
• Vanguard Defense
• Missouri Sheriffs' Association
• Texas Police Chiefs Association
• Arizona Department of Public Safety
DOX:
• Richard Garcia
![Page 62: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/62.jpg)
Operation Orlando
Date: June 2011
Targets: The city of Orlando for the arrest of “food not bombs” members for handing out food in city parks without a free permit.
Attack Method:
DDOS:
• Orlando Mayor’s website
SQLI:
• Roman Catholic Diocese of Orlando
• Rotary Club of Orlando
• Orlando Chamber of Commerce
Threat of Physical Violence:
• Orlando Mayor
![Page 63: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/63.jpg)
Orlando Mayor
![Page 64: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/64.jpg)
Operation Bart
Date: August 2011
Target: BART for shutting down cell phone repeater services to stop protest of the murder of Oscar Grant.
Attack Method:
SQLI:
• BART Police Officer’s Association
• MyBART.org
![Page 65: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/65.jpg)
Operation DarkNet
![Page 66: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/66.jpg)
Operation MegaUpload
Date: January 2012
Targets: Anyone involved in the criminal case against Megaupload.
Attack Method:
DDOS:
• UMG (Universal Music Group)
• Warner Brothers Music
• MPAA
• RIAA
• United States Department of Justice
• FBI
![Page 67: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/67.jpg)
Vatican Website Attacks
![Page 68: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/68.jpg)
Operation Russia
Date: February 2012
Targets: Email accounts of prominent pro-Kremlin activists and officials. Dispensing that information at @OP_Russia on Twitter.
Attack Method:
Email Hack of:
• Kristina Potupchik
  – Press secretary for Nashi youth movement
• Oleg Khorokhordin
  – Deputy head of the Department for Internal Affairs at the Presidential Administration
• Vasily Yakemenko
  – Head of the Federal Agency for Youth Affairs
![Page 69: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/69.jpg)
What we learned.
![Page 70: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/70.jpg)
Not Advanced; But Persistent
![Page 71: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/71.jpg)
![Page 72: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/72.jpg)
Target by Association
![Page 73: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/73.jpg)
Guilty by Association
![Page 74: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/74.jpg)
Sympathetic Industry?
• Brings recognition to their jobs.
• Helps increase funding.
• Get to LULZ at the victim.
![Page 75: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/75.jpg)
How can we stop it?
![Page 76: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/76.jpg)
Real Security Awareness
![Page 77: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/77.jpg)
Real Security Awareness
![Page 78: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/78.jpg)
Hack Yourself
![Page 79: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/79.jpg)
Hire a Penetration Tester
![Page 80: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/80.jpg)
Help Your Associates
![Page 81: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/81.jpg)
Listen!
![Page 82: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/82.jpg)
Any questions?
![Page 83: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/83.jpg)
Contact Info
• Jerry Gamblin
• Network Security Specialist – Missouri House Of Representatives
• @jgamblin (twitter)
• [email protected]
• www.jerrygamblin.com
![Page 84: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/84.jpg)
Thank you!
![Page 85: What we can learn from LulzSec](https://reader031.fdocuments.net/reader031/viewer/2022022402/546a7b75af79598c2c8b69af/html5/thumbnails/85.jpg)
#LulzSecReborn
(They are making a comeback)